In the months leading up to the cut-off date for the free Windows 10 upgrade at the end of July Microsoft received criticism for its automatic upgrades. With the latest update to Windows 10 designed to make sure Cortana is always on in some form Microsoft could face more criticism for what some may see as tougher tactics.
As an IT Support Company in Hertfordshire we are often asked about different aspects of Windows 10. One of the subjects that often comes up is the A.I. style virtual personal assistant called Cortana that Microsoft has added to many of its operating systems including Windows 10, Windows 10 Mobile, Windows Phone 8, Xbox and Android.
For as long as people have been doing business they’ve tried to find handy and effective ways to stay organised whether it was diaries, secretaries, a filofax, or their Outlook calendar. Cortana takes on part of this role and more. It is intended to help the users with a number of tasks. For example Cortana can set reminders, answer questions by using information from Bing Search, and recognise the user’s voice.
Can’t Turn It Off.
As an IT Support Company in Hertfordshire we know that it’s vital that new software adds value and is easy to use and intuitive. Although Cortana is thought by many to be very useful at certain times the latest Windows 10 update means that the Cortana feature can’t be totally turned off. It is important to remember however that users have the power to instruct it not to be heard during normal computing anyway. The fact that it is always on and always at hand however could be regarded as being helpful.
Microsoft are quick to point out that although users get the best results from Cortana by signing in, if users choose not to sign in it will still be on and users will still be able to use the chat and conduct searches on the web and on their device. Users can also choose to hide Cortana in the taskbar if they wish.
By always being on Cortana will however be able to continuously collect metadata.
In order for Cortana to act as a kind of intelligent personal assistant, it needs to collect personal data about you. As well as being a practical reality this aspect of Cortana has raised concerns among some users and commentators about privacy.
The sort of data that Cortana draws upon in order to be of maximum use is your browsing and search history, your location history and information, your voice search history and your contacts, your calendar, and your content and communication history.
In short, Cortana does access a lot of your personal information and data but there is a strong argument that it needs to do this in order to provide maximum benefit. The fact that it will now be switched on and gathering data all the time therefore looks likely to make it more powerful and therefore more useful.
What Does This Mean For Your Business?
Having Cortana switched on all the time will not feel like any major change on the surface but could make the feature more helpful and effective. Cortana does in fact offer businesses a very powerful tool to help save time and help with personal organisation as well as offering a convenient, handy and portable way to access all kinds of information without being tied to a keyboard.
For example, it can help you to quickly find your device resources e.g. OS settings or files, it can help you to find specific places within walking distance when you’re out and about on business (e.g. a restaurant) and it can use ratings to help you find the best restaurant for that important business lunch meeting.
One type of malware that is now being widely used is ransomware. The tricks used by ransomware vary widely however and so here is a rough guide to how the different known types of ransomware operate.
Encrypting and Then Deleting Files
As an IT Support Company in Hertfordshire we are often asked about cyber and data security matters. Malware is a major threat to all businesses and ransomware is a particular type of malware.
The ultimate object of ransomware is to force the victim to make a payment to halt and reverse the effects of malware i.e. pay for a software key to release the files that the ransomware has encrypted.
Jigsaw ransomware for example not only encrypts the files but deletes one of the files that it has encrypted every hour until the money is paid. This means that even if the victim pays they can’t reverse the damage. What is more, Jigsaw deletes an extra 100 files for good measure each time the victim restarts their computer.
Encrypting Whole Drives and Servers.
As an IT Support Company in Hertfordshire we often hear about how customers have been affected in the past by viruses and malware. These new types of ransomware however can cause huge disruption and problems for businesses.
Ransomware such as Petya for example encrypts whole drives such as your computer’s entire Master File Table whereas ransomware like RansomWeb and Kimcilware are designed to infect whole web servers encrypting their website databases and hosted files.
Encrypting Your Network Drives.
The scale and scope of the dishonest work carried out by variants of ransomware varies widely. Some versions such as those called DMA Locker, Locky, Cerber and CryptoFortress work by going for the network drive and trying to encrypt parts of the Server Message Block (SMB).
Compressing to Speed Up Encryption!
In order to make the encryption of files as fast as possible some ransomware such as Maktub even goes to the trouble of compressing the files first.
Being Attacked in the Cloud.
With more businesses moving critical files to the Cloud, the cyber criminals are following. Some new forms of ransomware are able to delete or overwrite cloud back-ups.
Multiple Operating Systems
Ransomware such as SimpleLocker for example encrypts files on Android, and Linux.Encode.1 encrypts files on Linux.
Receive a Spoken Ransom Message Through Your Speakers
It sounds chilling but ransomware such as Cerber generates a script that allows it to speak a ransomware message through the victim’s speakers in 12 different languages!
Buying In Ransomware!
For some cyber criminals it’s simply a case of buying in ransomware such as Tox as a service via underground forums. It can provide everything the cyber criminal needs including the vital facilitating of the transfer of funds.
What Does This Mean For Your Business?
As with any malware risk the trick for a business is not to get infected in the first place with the software that enables the attack to be launched.
Businesses need therefore to raise awareness among staff that they all need to be very careful about opening emails with attachments and / or emails from sources that are not familiar.
Keeping computer updates, patches, and anti virus software up to date is also very important. Having a reliable, secure back up of your important files and folders is also advisable if not essential.
The Information Commissioner’s Office (ICO) is reported to be considering making changes to the UK ‘cookie law’ that could see fewer cookie warning banners displayed on websites.
About the Cookie Law
As an IT Support Company in Hertfordshire we know how important matters of privacy and security in the online world are to web users. The cookie law is essentially a privacy measure that was introduced to make people aware of how the information about them is collected online and to give them the opportunity to say yes or no to it. The cookie law began life as an EU Directive before being widely adopted in 2011 and then becoming an update to the UK’s Privacy and Electronic Communications Regulations.
Cookie Banners on Websites
As an IT Support Company in Hertfordshire we know how important it is that people are able to quickly and easily access what they want on a website and that they perceive their visit to your business website as being a good experience. Cookie banners can delay and can be irritating.
The actual placing of cookies on your computer itself is of course the result of clicking yes on the banner. An ICO study found that 94% of UK websites now feature these banners or warnings and that UK websites place an average of 44 cookies on your first visit. These figures mean that we in the UK have more cookies and more cookie warnings than many other European countries.
Why The Re-Think By the ICO?
Despite the ICO enforcing the law for the last 5 years they have now submitted suggestions to the EU’s Consultation for some changes for the following reasons:
What Kind of Changes?
The ICO appear to be in favour of changes that achieve a balance between the privacy rights of individuals and the information interests of business and society services. This means that the ICO would favour exemptions to the cookie law where there is minimal impact to a person’s privacy, but have rejected the EU’s suggestion of a cookie-free version of website content where the individual’s ‘choice’ would be to stop viewing the page.
What Does This Mean For Your Business?
A change in the cookie law is unlikely to have a huge commercial impact in the UK although exemptions may mean that website visitors have a better experience when visiting the company website. If subtle changes are made to the cookie law it could of course mean that changes will need to be made to the cookie banner and when / how / if it is displayed. This could mean that you will need to consult your web hosting company.
The use of malware is on the rise and especially the use of ransomware. A new Chinese variant of a ransomware that uses Google Docs as a hiding place has just been discovered.
Criminals Use Google Docs to Hide It.
As an IT Support Company in Hertfordshire we are all too familiar with the threat of malware infection that our customers face. Following in the recent wake of the ‘Locky’ and ‘Raa’ ransomware attacks comes the new variant of ransomware which cyber criminals have hidden in Google Docs.
A Variant of 'my-Little-Ransomware'.
This latest ransomware threat has been dubbed 'cuteRansomware' and Internet Security experts say it is a Chinese variant of a ransomware package published a few months ago on GitHub known as 'my-Little-Ransomware'.
What is Ransomware?
Ransomware is a form of malware that typically encrypts important files on the victim’s computer so that they are locked out of them. A demand for money is then issued to the victim in exchange for a key to release the files.
As an IT Support Company in Hertfordshire we can confirm that this kind of malware attack has dramatically increased in recent months, and that the criminal perpetrators are finding many different and new ways to help the ransomware to beat your security measures.
How Cute Works.
The cuteRansomware recently discovered by security researchers works in a similar way to other known ransomware programs but has some key differences that enable it to beat the victim’s security. For example, Cute:
The Reason For Using Google Docs
Unfortunately, traditional detection tools still lack visibility into SSL meaning that those deploying cute are at an advantage at this point in time.
Fewer File Types.
One small plus point is that the cuteRansomware variant seeks out and encrypts fewer file extensions than the ‘my-Little-Ransomware' that it was developed from. It is still however likely to target the most popular file extensions, thereby making it able to do a very effective job of locking the user out of their own important files.
What Does This Mean For Your Business?
As more businesses move things into the Cloud this latest ransomware indicates that Cyber Criminals will be moving there too, using the cloud for delivering malware and exfiltrating data via command-and-control. As with any malware risk however the trick for business is not to get infected in the first place.
Businesses need therefore to raise awareness among staff that they all need to be very careful about opening emails with attachments and / or emails from sources that are not familiar.
Keeping computer updates, patches, and anti virus software up to date is also very important, particularly in the case of cute. Having a reliable, secure back up of your important files and folders is also advisable if not essential.
If you’ve long suspected that there must be plenty of untapped opportunities in the ‘Internet of Things’ (IoT) then you’re not alone. A recent ‘Barometer’ report by Vodafone has shown that three quarters of organisations see how they use the Internet of Things (IoT) as being a critical factor in their success.
What is the IoT?
The Internet of Things (IoT) refers to the many devices for mobile use or for use in the home and workplace that have a smart element to them or/and are connected to the Internet.
The Vodafone Barometer Report.
As an IT Support Company in Hertfordshire we are always interested in the innovative ways that companies can employ new technology to add value and gain competitive advantage. The latest Vodafone Barometer Report is based on an independent study (conducted by Circle Research) which surveyed nearly 1,100 enterprise and public-sector executives from 17 countries. It therefore provides a good snapshot of the way businesses are thinking about the use of technology and where they see the next big opportunities.
The report shows that 37% of adopters say that they are already running their entire business on IoT, and 48% say they’re using IoT to support large-scale business transformation.
In fact the report shows that three quarters of businesses say that the IoT will be critical to their success in the future. As an IT Support Company in Hertfordshire we are aware of the potential of the IoT and how companies who tap into it in a way that really works for them can see some significant benefits early on.
Which Industry Sectors?
According to the report those companies who are embracing the IoT most are involved in retail and transportation and (of course) the supply of consumer electronics.
Increased IoT Budgets.
Not only are businesses making predictions and walking the walk, but they also appear to be putting their money where their mouth is. 89% of companies have increased their IoT budgets over the last year, with investment now accounting for almost a quarter of IT budgets.
The report also shows that these adopters are allocating more budget to IoT than to cloud or analytics.
Getting a Return.
The report also shows that it’s not just a case of throwing money at it now with the hope of a future return. Many businesses are reporting very positive results. 63% of businesses say they’ve seen “significant” return on investment and on average they measure a 20% improvement in metrics like revenue, cost, downtime and utilisation.
What Does This Mean For Your Business?
This report shows that the IoT is a real opportunity.
Those businesses who are ahead of the curve and have already invested in it are already reaping the considerable rewards. The chances are therefore that your business competitors will be incorporating more aspects of the IoT into their business soon (if they aren’t doing so already), and there may therefore be hitherto unknown opportunities for your business to do the same.
U.S. IT research and advisory company Gartner has warned that IT spending in the UK is likely to flatten out following the uncertainty and loss of confidence caused by the UK’s Brexit vote.
As an IT Support Company in Hertfordshire we know that businesses need to keep a close eye on their IT spending and how much return they get on their investment. Leading on from a less than spectacular negative 0.5% growth prediction anyway, the perspective from the U.S is that IT spending in the UK this year isn’t likely to grow much more.
Worldwide growth in IT spending in 2016 is likely to flatten out to $3.41 trillion and the Brexit aftershock means that last year’s UK IT spend figure of £123.9bn could now be reduced by as much as 5% in 2016’s IT spending.
As an IT Support Company in Hertfordshire we know that when there are warnings of hard times companies may choose to reduce or cut discretionary IT spending and may delay or even pull out of the kinds of mergers, acquisitions, and expansion projects that would have had a large IT spending element to them.
In the aftermath of the Brexit vote the erosion in business confidence, a falling pound, price increases, and general uncertainty about what happens next all indicate that for the rest of 2016 at least UK companies could be keeping IT spend to a minimum.
A Decline in Sterling
The downward trajectory of UK sterling for example has meant that US based PC maker Dell has announced a price rise to UK retailers this week. Sterling’s decline also looks likely to affect other IT costs. For example, companies who have not already paid the annual maintenance fee on their software will notice a price increase for it because it is usually priced in dollars.
It is also thought that as well as hitting tech spending, the UK technology sector will also take a hit in terms of software developers who work in the UK potentially being tempted away to work for higher salaries in other countries. Moving out of the UK may be especially attractive if the software developers are not British and if they feel worried about their status in the UK anyway when Brexit actually starts and Article 50 is triggered.
What Does This Mean For Your Business?
If you’re thinking of reducing your IT spend or are already being hit by price rises in that area it is probably little consolation to know that you are not on your own. It is of course important to balance the urge to delay and be cautious with the recognition that technology is still advancing and many of your competitors are still likely to be moving more aspects of their business to the cloud this year.
There are still likely to be some growth areas in IT spend such as in software, and particularly in customer relationship management (CRM) software. Datacentre systems’ spending is also set to increase by 2% this year on last year.
For businesses in the UK it may also be a case of looking at how much smarter they can work and look for lower cost but innovative solutions that can help to keep them competitive.
The latest trial of a secret messaging service by Facebook hopes to build on the experience of previous attempts and create a new and popular service whereby users can choose which single device to use the service on, and can then specify how long the messages last on that device before they become hidden or are deleted.
As an IT Company in Hertfordshire we know that privacy and security issues are important to our customers, and whether in our business or personal life there are things that people send to us in emails and texts for example that are commercially or perhaps personally sensitive. Facebook says its new secret messaging service could therefore be useful to those wishing to discuss all manner of very private matters such as health and financial issues. Services like Snapchat already use a disappearing message system and this new secret message service from Facebook is their third attempt at launching something similar.
One key aspect of this new service is that it uses end-to-end encryption to make the conversations on Facebook Messenger secure. Facebook themselves for example will not be able to read the messages being sent via this service unless one of the parties involved in the conversation reports or sends the details to Facebook.
As an IT Support Company in Hertfordshire we know that people now tend to use several devices during the day in their business and personal lives e.g. their smart phone, tablet and perhaps their desktop.
One clear limitation of the new “secret conversations” service is that users are tied to one single designated device when using it. This means a conversation can’t be carried on from desktop to mobile to tablet.
Another limitation (or advantage depending on how you look at it) is that conversations on this service can only be one-to-one. At the present time the service does not support rich content such as images, videos, or making payments and it also doesn’t support chatbots.
The encryption aspect of the service clearly adds an important secure dimension to the service. The fact that the new service has been built using an open, widely used standard therefore could be a potential area for security concerns. The service is however reported to be built on the reliable protocol called ‘Signal’.
The secret conversations service is being tested on a limited basis at present although it is believed that this could be expanded later this summer.
What Does This Mean For Your Business?
If the secret conversations service is used for business / commercially sensitive conversations it could of course have security advantages e.g. the encryption of the messages, the fact that the messages are only received / sent by your personal devices and therefore can’t be found on / recovered from other devices, and that messages can be set to disappear after a time period.
This means that even if you lose that device / have the device stolen the messages may still not be read by others.
If you don't know exactly where your business data is stored then you are not alone. A recent report by cyber security consultancy CNS Group has revealed that only a little over a quarter of UK business IT decision makers are able to say with certainty that their data is stored in the UK. The same report also shows that business IT decision makers would actually prefer their data to be stored in the UK.
Store It In the UK
As an IT Support Company in Hertfordshire we are often asked about data storage and data backup issues of all kinds. This report shows that 92% of business IT decision makers think that their data should be stored in the UK. Only 27% of those surveyed however were certain about exactly where their data was stored.
Issues based around security, control, quality, and changes in the business environment appear to be at the heart of most decision makers’ wishes to keep company information assets close to home.
Trust and Data Integrity Issues
The results of the report seem to show that the mere fact that the data is stored at least somewhere in the UK is important for UK businesses. For example not knowing whether data is stored in the UK causes questions to be raised by IT decision makers about data quality and trust. 21% of those surveyed thought that not knowing whether their data was stored in the UK could mean that there is a lack of data integrity.
22% of those surveyed also thought that not knowing whether their data was stored in the UK made them think that they did not know the accreditations or clearance of those accessing and managing their data.
One very important reason for knowing exactly where in the world business data is stored is for compliance. As an IT Support Company in Hertfordshire we know how important compliance issues can be to UK businesses, and with the EU’s General Data Protection Regulation (GDPR) due to come in to force in 2018 companies will need to be certain about where their data is stored and managed in order to comply with the regulation.
What Does This Mean For Your Business?
This report appears to show that knowing where their data is stored and managed is important in terms of feeling more in control as well as being in a better position to ensure compliance in the near future. Businesses could therefore take steps now to ensure that they are well prepared. This could mean asking for very specific information from your business data storage providers about exactly where in the world your company data is being stored, how it is backed up and encrypted and who has access to it.
Figures released by fraud prevention service Cifas show that we may have been contributors to the 57% rise in identity fraud last year because we are not careful enough about what we share on social media about ourselves.
Over 85% of Identity Frauds Online
As an IT Support Company in Hertfordshire cyber and data security are issues that we take very seriously, but how many of us think very carefully about whether the kind of information we share in our online social media accounts could be useful to fraudsters?
The figures taken from 261 UK companies show that not only did the number of identity fraud victims in the UK rise from 94,500 in 2014 to 148,000 in 2015, but that over 85% of these frauds were carried out online!
Social Media First Stop
As an IT Support Company in Hertfordshire we have heard warnings about criminals using fake identities. The fact is however that convincing fake identities on social media are quite difficult to set up and many of today’s fraudsters prefer using stolen, genuine identities.
Ease of access to and the vast choice offered by social media profiles has meant that identity thieves are turning to platforms like Facebook, Twitter and LinkedIn as their first port of call. People freely share information about themselves on social media platforms that could easily be pieced together by determined criminals to produce a genuine identity that could in itself prove to be very lucrative.
Personal data is valuable to cyber criminals. The kind of information that identity thieves are looking for in addition to your name, address and of course your bank details is your date of birth, pictures of the home, workplace or school, and perhaps any information about other potential victims.
What Does This Mean For Your Business?
For businesses this means that they are now more likely to receive fraudulent requests / orders online for goods and services from people who are using someone else’s identity. For many businesses the process for creating an account online would mean accepting the person’s details at face value and it would only be at the payment stage that detection would be most likely e.g. if they are trying to use details from an old / cancelled card.
Even then in many cases this would mean that the person who attempted to commit the fraud would be very difficult to locate.
Intel has warned against simply accepting all connect requests via LinkedIn because cyber criminals have been using the popular professional network to target victims for hacking and phishing attacks.
How Does It Work?
As an IT Support Company in Hertfordshire we know that many businesses use LinkedIn as part of their social media strategy and that it is important to try to widen your professional network to get the most out of it.
One aspect of social media however that can be used against us as well as working for us is the sharing of personal information. Social media profiles can give people a lot of information about us e.g. name, birthday, location, friends etc., so your LinkedIn profile can also reveal a lot of information about you and your connections. Personal information, especially information that could be matched up with other details and stolen information from elsewhere can be very helpful research material for cyber criminals when planning their attacks.
According to the CTO of EMEA at Intel Security, because LinkedIn is a professional network i.e. it gives details of your position in an organisation and your professional network, this can enable hackers to target senior level professionals and ultimately to target the corporate network.
Connect Requests From Cyber Criminals
As an IT Support Company in Hertfordshire we are all too aware of the rise in cyber crime in recent years, and of the ever more inventive and sophisticated ways that are being used to reach victims.
According to Intel, a cyber criminal could therefore request to connect via LinkedIn with as many junior and mid level employees and executives at the target company as possible. The criminal could then use their links with people in that organisation to provide the validation when they target the senior level executives, thus making it more likely that these executives will connect with them.
With all the right connections in place a cyber criminal could then use them to launch a well targeted phishing campaign. This could involve using name, job and company information to email things like fake invoices, authentic looking emails that could request wire money transfers, or malware such as ransomware.
LinkedIn Security Concerns
This is not the first security concern relating to LinkedIn as data search engine LeakedSource recently revealed that the usernames and passwords of what could be up to 117m LinkedIn users were put up for sale on the dark web by the hacker that stole the data.
What Does This Mean For Your Business?
It is important to raise awareness in your business that this type of crime exists and introducing a clear company policy around social media could also help. Members of staff should be asked to exercise caution when asked to link up with people they don’t know on LinkedIn.
Staff should also be made aware of / given some training about how to avoid common scams, including making staff aware of the risks of opening unknown attachments in emails or clicking on unknown links.
The prospect of Brexit and the resulting speculation about the consequences have meant that the Information Commissioner's Office (ICO) has stated that despite the Brexit vote there will be no relaxation in data protection laws and that the data protection laws set by the EU will still apply.
The ICO has however stated that leaving the EU before any new data protection laws come into effect could mean that these laws may not apply in the UK.
As an IT Support Company in Hertfordshire we know what an important part of governance and compliance data protection is, and how complicated some aspects of it can be. Data protection law can be a particularly complicated area and the complications surrounding Brexit and the confusion and lack of knowledge about exactly what kind of relationship the UK will now have with the rest of Europe have led to speculation about the relevance to the UK of EU data protection laws.
The ICO has therefore sought to clarify the situation this week by confirming that in order for the UK to trade with other countries in the EU, the UK’s own data protection laws / standards will at least have to be on a par with those in the EU i.e. at least on a par with GDPR. In legal language this means that the UK will need to provide ‘adequacy’ for its own data protection laws.
What Is GDPR and Will It Still Matter?
As an IT Support Company in Hertfordshire we are familiar with the new General Data Protection Regulation (GDPR) and what it means for UK organisations. This new EU data protection law is due to come into force in 2018 and will affect all companies worldwide that process the data of EU citizens.
The fact is that GDPR would need to be adhered to by the UK anyway, regardless of its position in the EU as the point about GDPR is that a company’s location is irrelevant. If the data a company collects and handles relates to any EU citizen and it can identify them then GDPR applies.
ICO Group Manager Says Law Unaffected By Brexit
Prior to the Brexit vote the ICO's group manager Garreth Cameron is reported to have told delegates at the Data Security in the Cloud conference that the UK's strong data protection laws would remain unaffected by a vote to leave the EU, although the exact details of how they work in that new context would be a matter for the UK government to decide.
The ICO has also stated that consistency in data protection laws for international trade is going to remain an important issue and that the huge growth in the digital economy has meant that there may need to be at least some reform to the UK’s existing data laws.
What Does This Mean For Your Business?
It’s a case of keep calm and carry on where data protection laws are concerned. The same data protection laws and regulations apply for the time being and it is also important that businesses make sure that they are prepared for and up to speed with GDPR because even though it is an EU regulation, it applies to all countries worldwide including the UK.
The Windows 10 free upgrade has been in the news again recently. As an IT Support Company in Hertfordshire we have received many questions about the upgrade but luckily we haven’t heard of it affecting a computer in quite the same way that it affected the computer of Teri Goldstein, the owner of a travel agency in California.
Forced Upgrade – Left Unstable
A recent court case involving Microsoft and Teri Goldstein revealed that her computer downloaded and started to install Windows 10 automatically without her knowledge – what is known as a forced upgrade. Unfortunately the install failed and the computer is reported to have slowed down and become unstable. This is reported to have resulted in days of lost business. This, coupled with the fact that Microsoft’s customer support was unable to help, resulted in Goldstein taking Microsoft to court.
How Do Forced Upgrades Happen?
Windows users have been given the chance over the past year to upgrade to Windows 10 from Windows 7 and 8.1 via online prompts. A change in tactics by Microsoft dating back to February however has meant a shift to ‘Recommended’ from Microsoft which essentially means that users get an automatic / forced download and install onto their PC.
As an IT Support Company in Hertfordshire we have heard many negative comments about forced / automatic upgrades.
Some users have noted that the install began before the instructions on how to stop it were clear, and that once the install begins it can’t be stopped.
Users have also complained that whereas a notification message about the upgrade should be able to be dismissed by clicking on the ‘X’ in the top corner, Microsoft’s tactical changes mean that a click on the ‘X’ is now taken as approval for the upgrade to begin.
$10,000 Paid By Microsoft
In the court case brought by Goldstein against Microsoft, she argued that her Windows 7 computer automatically tried to update itself to Windows 10 without her permission and that she had never even heard of Windows 10 at the time. Goldstein won her case and Microsoft agreed to pay her $10,000 (the equivalent of £7,500).
After initially appealing against the court's decision, Microsoft is thought to have then dropped its appeal to prevent the court costs from mounting up.
What Does This Mean For Your Business?
There is now just a month for taking up the offer of the free upgrade (by July 29th). If you’re still running older versions of Windows such as 7 & 8.1 it appears as though you will need to very soon make a decision about upgrading to Windows 10 and be very careful about how you respond to any notifications that you receive to prompt you to upgrade.
Be aware that there has been a shift to automatic downloads and that clicking on the ‘X’ in the top corner of upgrade notifications can now be taken as your approval for the upgrade to begin.
Now may be the time therefore to seek professional advice on the subject. It is also worth seeking information about the many benefits and positive aspects of Windows 10 rather than simply focusing on the potential risks.
Many of us will be all too used to receiving bogus calls supposedly from a Microsoft tech support person telling us there’s something wrong with our computer and asking us to make changes to the settings to allow them to ‘fix’ it. As an IT Support Company in Hertfordshire we find this type of crime particularly worrying, and just to make things worse there is now a new variant of this type of scam.
New Bogus Tech Support Scam
The latest incarnation of the old ‘I’m from Microsoft’ style fake tech support phone call now uses an on-screen pop-up malware warning that claims to be from your ISP and asks you to call a number.
In order for the pop-up to appear in the first place however the victim’s computer must be infected with malware. In the case of this particular scam your computer is infected using single "bad" pixel adverts.
As an IT Support Company in Hertfordshire we advise all of our customers to make sure that all relevant patches and security updates have been installed and that at least the basic, essential security measures have been taken (see Cyber Essentials).
We are all now aware that cyber crime, particularly that involving malware, is relatively commonplace, and the fact that we are aware and that most of us have at least some basic levels of protection means that cyber criminals need to be more cunning than ever. This latest scam, as reported by US security firm Malwarebytes in the U.S., Canada and now the UK, uses pop-up adverts that claim to be from popular ISPs.
How The Scam Works
In the case of this latest scam it relies upon infecting your computer in the first place with the malware which displays the pop-up advert. The worrying thing is that in this case the cyber criminals are using legitimate online advertising networks to place adverts on websites. These adverts don’t even need to be clicked on to infect your computer because they contain a single ‘bad pixel’ that can redirect you and infect your computer while you’re browsing on a legitimate website without you knowing.
How Do They Know Who Your ISP Is?
After your computer is infected by the advert, you are re-directed to an invisible page in the background that checks the IP address on your computer. The ownership of this IP address can then be traced to a specific ISP, and a pop-up advert is served on your page that features the name of that ISP and gives you a bogus number to call them on.
What Happens If You Call The Number?
Calling the number means that you will be greeted by convincing fraudsters who claim to be your ISP. From what is known about similar calls, it is likely that the fraudster will then try and convince you that you have viruses and errors on your computer which they can clean off for a fee. The final step will therefore be that they will try to persuade you to log in to your banking site.
In other bogus tech support scams, cyber criminals also use banking 'Trojans' to extract the victim’s financial information and install malware onto the victim’s computer that joins them up to a botnet so their computer is used in attacks on other computers.
What Does This Mean For Your Business?
Vigilance is once again needed to help defeat the cyber criminals. This latest attack comes on the heels of ‘Locky’ and ‘Raa’, both of which used malware. It is important in this case to raise awareness among staff that they all need to be very careful in their web browsing as well as in their opening of any emails with attachments and / or emails from sources that are not familiar.
All staff should also be made aware of who the company’s ISP is and that bogus tech support calls exist and what form they take. It may also be good practice to have a designated person who deals with communication with the IT ISP.
Keeping computer updates, patches, and anti-virus software up to date is also very important. Having a reliable, secure backup of your important files and folders is also advisable if not essential in today’s business environment.
The subject of digital currencies and how digital value is handled and exchanged has been in the news recently on a number of occasions. For example you may have heard that Australian entrepreneur Craig Wright publicly identified himself as Bitcoin creator Satoshi Nakamoto. Bitcoin is a type of digital currency, but the technology that is at the heart of Bitcoin is called Blockchain.
Far from just being a Bitcoin component, this ‘Blockchain’ technology and IT platform looks set to revolutionise how everything of value is handled in the digital world.
It’s A Global Database
As an IT Support Company in Hertfordshire we’re always excited when a change comes along that delivers new digital opportunities for businesses. It’s especially good if we’re able to describe in simple terms what the technology actually is and what it can do.
A recent Computer World article described the basis of Blockchain as a global database and a kind of “incorruptible ledger” for economic transactions. This open and programmable technology can be used to record transactions for virtually anything of value that can be converted to code, from finances to accounts, votes, insurance claims, and important documentation like marriage / birth / death certificates.
Mass Collaboration and Trust
The big advantages of this revolutionary new platform in addition to its incorruptibility are that it allows mass collaboration, and it is constantly being updated and reconciled and therefore gives a true and current view of things.
As an IT Support Company in Hertfordshire we deal with business customers for whom quality and reliability of products, services and technologies are vitally important. Blockchain has security and reliability hard coded into it through the use of the Blockchain ‘trust protocol’ which means that it is reliable and that it minimises risk.
Bitcoin and Blockchain
The value of Bitcoin reached a new 20 month high at the end of May of over $500 per Bitcoin.
Increased confidence in the use of Bitcoin and the fact that it has now been legitimised by its acceptance from reputable banks and retailers is believed to make the value of Bitcoin rise even higher for the foreseeable future. This of course will also aid the rise of Blockchain.
What Will Blockchain Mean For Your Business?
The innovative technology at the heart of Blockchain is thought to be on the verge of having as high an impact as the technology that brought us PCs, the Web, mobile technology and the social web. Something this dramatic could therefore have a huge impact on how all businesses operate and could mean a major paradigm shift.
As well as providing possible new opportunities, Blockchain will first require some serious learning and training to take place. Your business could therefore first take the plunge and buy something using digital technologies. You may also want to launch a pilot project based around these technologies, hire or buy in Blockchain knowledge and consultancy to see how and where it could begin to work in your business and to train staff, and make a start upon a next-generation Blockchain architecture project.
To begin with, the awareness that Blockchain has very much arrived and keeping up with reading any news and information about it is a good place to start.
For many organisations the days of relying on huge data centres crammed full of physical servers have come, or are about to come, to an end. Server virtualisation means that a physical server’s resources are divided by software into many different virtual environments / virtual machines which then essentially become ‘private servers’.
As an IT Support Company in Hertfordshire we are aware of the benefits of doing so and it is not surprising that the results of the annual Computer Weekly/TechTarget IT Priorities poll show that server virtualisation is now a top area of planned datacentre infrastructure investment for the coming year.
If you’d like to know a little more about why server virtualisation has become so important and what kind of investment companies are likely to be making, read on.
Why Does This Poll Matter?
The Computer Weekly/TechTarget IT Priorities poll results are significant and important because they reflect the investment plans for the coming year of 1,000 European IT managers and decision makers. As well as your plans possibly being reflected in the poll results, they could also reflect the plans of your competitors.
Spend on Virtual Server Maintenance in UK and Ireland
The poll results showed that 38.4% of the 194 respondents in the UK and Ireland put server virtualisation at the top of their IT investment list for the year ahead. The Computer Weekly website used the results of Gartner research to support the idea that this planned investment is more likely to be in the maintenance of existing virtual server farms rather than in the creation of new ones.
This is because most enterprises already have the vast majority of servers virtualised. The Gartner figures suggest that the worldwide level of investment in this area will be up nearly 6% on last year and could total $5.6bn.
As an IT Support Company in Hertfordshire we have seen the benefits that the move to virtualisation has given to many businesses. For example, whereas in the past companies used large numbers of physical servers (physical estates) which generally had a single app running on each of the servers, today’s businesses are keen to downsize their physical data centre footprint and consolidate wherever possible into virtual servers. This allows them to make much better and more efficient use of the processing power of servers, take up less physical space in data centres, and use less power and therefore reduce costs.
Virtualisation also allows for much greater adaptability, easier and less costly updates and it allows the money that would have been spent on the physical servers and datacentre space to be spent elsewhere.
Compliance Activities A Priority in the UK
The TechTarget IT Priorities data report showed that although datacentre consolidation was a close 2nd on the list of potential investment priorities, compliance activities were identified as a top priority with 36.8%.
What Does This Mean For Your Business?
The results of the poll reflect the many benefits that businesses are now getting from downsizing their physical datacentre footprint, consolidating and moving into virtualisation. Cost savings, and the ability to upgrade infrastructure and roll out better performing kit that takes up much less floor space are just some of the attractive benefits that can come from a move to virtualisation, all of which can translate into a more efficient, better and smarter performing, and more competitive business.
The General Data Protection Regulation (GDPR) encompasses the new regulations in relation to how the personal data of EU citizens is handled by organisations. When it comes into force in 2018 it will apply to all companies worldwide that process the data of EU citizens and it is highly likely that your company will need to be compliant.
As an IT Support Company in Hertfordshire we are very aware of the importance of companies taking measures to make sure that their data is kept safe and secure, and in a way that complies with the law, and that cyber security risks are minimised.
With GDPR about to come into force in a relatively short time, how much do you know about it and its implications for your business? Here is a brief summary of some of the main points.
It Will Still Apply, Regardless of the Referendum Result
If you hold and handle personal data about any EU citizens that could identify them GDPR will apply to your company regardless of which country you are based in or whether your country is part of the EU.
Many More Things Will Be Classed As ‘Personal Data’
GDPR will cover a much wider area in terms of what counts as personal data.
Under these new regulations, any data that could identify an individual such as genetic, mental, cultural, economic or social information will count as personal data. This means that you will have a greater management responsibility.
Obtaining Valid Consent For Information Use Will Be Necessary and Could Be Challenging
Under the new regulations your organisation MUST be able to PROVE clear and affirmative consent to process personal data. This means that your organisation must remember to explain clearly and exactly what personal data it is collecting and how it will be processed and used. Your organisation will therefore need to make sure that this step is built into every occurrence of personal data collection without fail and that the proof is stored and can be accessed quickly if necessary.
Many Organisations Must Appoint a Data Protection Officer (DPO)
If you are a public authority processing personal information or if your main activity involves the regular and systematic monitoring of data subjects on a large scale, or if your main work involves the processing on a large scale of special categories of data you will need to appoint a DPO.
This person will of course need to be very familiar with all aspects of compliance with existing UK and the new EU regulations. This could therefore have an impact on staffing and resources (for training).
Privacy Impact Assessments (PIAs) Are Mandatory
Under the GDPR Data Controllers must conduct PIAs where privacy breach risks are high so that the risks to data subjects are minimised. This means that, to minimise risks to data subjects, PIAs will be needed.
There Will Be a Common Data Breach Notification Requirement of 72 hours
Your organisation will need to have the capability and systems in place to enable it to monitor for, identify and notify the ICO of a data breach within 72 hours of discovering it.
All Data Subjects Will Have ‘The Right To Be Forgotten’
Your organisation must not hold data about a person for longer than is necessary, must not change the use of the data from the purpose for which it was originally collected (when consent was given for that specific purpose), and must delete any data about a subject at the request of that data subject. This gives subjects the right to opt out completely i.e. ‘the right to be forgotten’.
Liability Goes Beyond Data Controllers
Under GDPR it won’t just be the DC who is held liable for data processing issues.
Liability and responsibility will extend to all organisations that touch personal data.
Privacy Must Be Designed and Built-In To The System
Your software, your systems and processes must be designed around compliance with the principles of data protection every step of the way.
What Does This Mean For Your Business?
As an IT Support Company in Hertfordshire one of the important services that we provide is IT Consultancy. GDPR will mean that companies like yours will need to take a fresh look at how they deal with personal data. It is therefore likely that you may need to seek professional advice about how you will be able to manage your data in a safe and compliant way once GDPR comes into force.
Hardly any data will not fall under GDPR which means you will need to take GDPR seriously and become very familiar with it and its implications. GDPR will mean for example that:
Many of us in the UK view staying connected and accessible e.g. with our smart phones and mobile devices as a vital aspect of modern business, but what about those messages we receive outside of our set work hours?
As an IT Support Company in Hertfordshire we offer Telecoms, Internet Access and Wireless Connectivity services to all kinds of businesses to help them stay connected to their customers and other stakeholders. For those of us who go home from the office or clearly separate our work from our home life, we may sympathise with the current French Government’s ideas about work emails outside of work hours being seen as unwanted and potentially harmful.
The Need to Disconnect
According to recent BBC reports, Francois Hollande's Socialist Party in France are to vote for a clause in a contentious labour reform bill that could mean that when employees of companies with over 50 people are out of work hours they will have the right to completely ‘disconnect’ from all work communications.
The measure has been suggested because there is a strong level of acceptance in the French government that having to answer work emails at home is stressful, intrusive, damaging to relationships and potentially damaging to a person’s health and wellbeing.
If the measure goes through it will reportedly mean that the companies affected will each need to draw up and adhere to a Charter that states after which hours staff should not send or be expected to respond to work emails.
Driven By The Digital Revolution
As an IT Support Company in Hertfordshire we have witnessed how the digital revolution has made in-roads into, and in many cases has become an integral part of our daily work and personal lives, often in a welcome way. The digital revolution however has meant that peoples’ personal lives around the world have been increasingly encroached upon by their work lives, and in France there is now a feeling that legislative intervention could offer some necessary protection.
The proposed disconnection clause is the one part of a contentious new French labour law, named after Labour Minister Myriam El Khomri, that has reached consensus.
2 Types of Time
The BBC article about the new measure highlighted how the French recognise two clearly different categories of time as defined by the Greeks. Chronos is the regular divisible time whereas Kairos is the kind of productive and creative thinking time that employers will need to protect if the measure goes through.
Not All Agree
There are of course many arguments against the introduction of the measure. Some companies for example operate in markets around the world in many different time zones, and working at night in these markets is necessary in order to compete. In other jobs such as sales, leads arrive and buyers make their vital purchase decisions for example at unpredictable times, so here too a strict adherence to the measure may not be helpful.
What Does This Mean To Your Business?
To French businesses, if this becomes part of law it will mean some big changes to how communications are managed within many companies.
It could be argued that what may be lost in opportunities or competitiveness as a result of adherence to the clause could be made up for by e.g. a happier more creative workforce with less absenteeism, and of course a better home life.
In the UK, businesses could choose to take a leaf out of the book of our French neighbours by voluntarily taking measures to show that they value and respect workers and their wellbeing. This could be achieved in big ways such as drawing up their own company disconnect charter or in small ways such as a “no email Friday” where employees are encouraged to give themselves a break by minimising digital messaging on an allotted day.
There is also an argument that smarter working practices could minimise the need for out-of-hours intrusions and that education on the subject in your workplace could in itself help to cut down on unnecessary out-of-hours work intrusions, and reduce the stress associated with them or worrying about them.
Offering stress busting measures and activities within the company, regularly communicating with staff and listening to their concerns could also help.
As an IT Support Company in Hertfordshire we are well placed to see how many of the by-products of operating and doing business in a digital world end up sitting on company computers, IoT devices, databases and servers. These by-products can be files generated by web browsers and their plug-ins like cookies, log files, temporary internet files, flash cookies, and other data and information from programs that has been stored. This could include secondary, non-critical information that is related to your products and services, perhaps with a view to it possibly having some use again in the future.
You will be glad to know therefore that these digital by-products now have a name - ‘data exhaust’.
How Much Data Exhaust Are We Talking About?
It is obviously difficult / virtually impossible to give an accurate estimate of the size / scale of digital exhaust in the UK although a recent Computer Weekly Article tried to describe some of the key facts about ‘data exhaust’ to us. One of these facts was the size / scale of ‘data exhaust’. Computer Weekly used the example of Google which collects all the data it can without yet having a primary use for it. Data exhaust is therefore bigger than what’s become known as ‘Big Data’ i.e. it’s too big to work with it record by record.
Some of It Could Be Useful To Your Business
As an IT Support Company in Hertfordshire we provide online backup services for all kinds of company data, some of which probably could be described as secondary data. Some of the secondary data that is collected about products and services e.g. statistics could be used to help in marketing of those products and services. Data exhaust can therefore be very useful and could be used in future to add value to your products and services.
Some of It May Never Be Useful To Your Business
There is a balance to be struck between keeping potentially transformative exhaust and simply building up a vast amount of useless data into a ‘data swamp’.
Customers May Not Like You Using It
Just because you have stored a great deal of data about your customers or subscribers and their online behaviour, it doesn’t mean that it is appropriate or wise to use it all. Using certain types of data could result in negative PR and could negatively affect your marketing and customer relations.
What Does This Mean For Your Company?
Rather than just collecting everything, your company should make decisions along the way about what data is most likely to be useful, and what data is simply clutter. This could involve consulting with the employees closest to the core business and most in touch with the data as this could help you decide what can and should be thrown away.
Companies may also want to take legal advice about what data can be used and in what way.
Building up a store of data will also require scalable storage.
There is also the need to make sure that all of the data you collect is secure and protected from potentially costly data breaches.
You may be one of the many IT decision makers in UK businesses who have been busy thinking about and possibly avoiding, putting off or ignoring any decisions relating to upgrading to Windows 10 from Windows 7 and 8.1. As an IT Support Company in Hertfordshire we have had enquiries from many different businesses about the pros and cons of Windows 10. For Microsoft however it appears that the time has come to try and move more people a little more directly towards upgrading.
From February IT commentators from several of the popular online media channels noted that they had received many reports about Microsoft switching the upgrade to ‘Recommended’, and choosing to interpret the closing / rejection of the notification as an approval to upgrade. This apparent tactical shift by Microsoft towards ‘Recommended’ for the Windows 10 upgrade has actually been rolled out in a phased way over what has turned out to be nearly 3 months. It looks therefore as though Microsoft has made a commitment to speed things along now as regards the uptake of the free Windows 10 upgrade prior to the end of the offer in less than 2 months.
What Does ‘Recommended’ Mean?
In terms of Windows Update language, ‘Recommended’ means that (where users haven’t altered the default behaviour) there is an automatic download and install onto their PC with no human assistance needed.
Clicking the ‘X’ Can Now Equate to Tacit Approval
Most of us are used to the idea that we are able to dismiss a notification by clicking on the ‘X’ in the top corner of a notification box and that the X is an alternative to clicking on the acceptance of what we are being notified of. In the case of the Windows 10 Upgrade however, for Windows 7 & 8.1 customers whose Windows Update settings are configured to accept 'Recommended' updates, choices may now be thin on the ground.
The stage has now been reached whereby Google has revised the Get Windows 10 (GSX) app support document, and just as clicking on OK in the notification means that the upgrade and its scheduled implementation is approved, clicking on the ‘X’ also appears to indicate tacit approval.
On the face of it this tactic looks the most likely to cause some anger among users as it appears to be something that could be perceived as quite forceful. As an IT Support Company in Hertfordshire we know that businesses often need to seriously consider the impact that significant IT changes could have on the future of the business. This can often take time and can require a detailed information search and some consultancy.
The size of the automatic Windows 10 download is reported to be several gigabytes, which, if you didn’t really want it anyway, could mean that your data connection and your available space are squeezed.
Free Windows 10 Upgrade Offer Ends July 29th
The free Windows 10 upgrade offer ends on July 29th. Reports indicate that Microsoft are likely to start removing the “Get Windows 10” app from that date, but it is not known whether it will alter the ‘Recommended’ status of the update.
What Does This Mean For Your Business?
If you’re still running older versions of Windows such as 7 & 8.1 it appears as though you will need to very soon make a decision about upgrading to Windows 10, and be very careful about how you respond to any notifications that you receive to prompt you to upgrade. Now may be the time to seek professional advice on the subject.
It is also worth seeking information about the many benefits and positive aspects of Windows 10 rather than simply focusing on the potential risks.
Data security and the weaknesses of passwords are subjects that have been very much in the spotlight recently, and these issues have led to some of the larger banks / credit companies / financial institutions moving into biometrics and even the use of ‘selfies’ as a means of authentication / verification.
Facebook however have come up with another use for facial recognition in terms of enhancing the sharing experiences on its platform. As an IT Support Company in Hertfordshire we are well placed to see what an important promotional role social media now plays in the marketing of businesses as well as for personal communications.
Facial Recognition for Photo Sharing
Facebook’s ‘Moments’ is an app similar to Google Photos or WhatsApp that allows you to group together your photos that feature the same friend or friends, and then simplifies the process of sharing the photos with them if they have installed the same app.
Moments scans your photos using facial recognition, and when it finds ‘familiar’ faces you can sync them to the subject of the photo. If your friends also have the Moments app they can see the photos added to their own synced collection (or get notified via Facebook that Moments photos are waiting for them).
The Moments app builds photo albums and slideshows featuring you and your tagged friends that can be searched and scrolled through, and renamed. The slideshows can be shared with your friends, to their Facebook wall and elsewhere. The Moments app is intended to work best by sharing photos with the closest 10 or so people to you.
The original version of Moments drew upon Facebook’s database to automatically tag photos with people’s names.
Data Protection Compliance Issues Rectified
One aspect of Moments that needed altering was the fact that it didn’t comply with the EU and Canada data protection requirement of giving people a way to opt out of the process. This has now been rectified as the app now links together photos of similar-looking faces but asks the user to identify who they are.
The signs so far are that Moments is proving very popular and according to Facebook 600 million pictures have been shared via the app to date.
What Does This Mean For Your Business?
As an IT Support Company in Hertfordshire we can see first hand what an increasingly digitalised business environment UK businesses now operate in. Pictures relating to your products and services, company activities, and stakeholders of the company can therefore play an important role in communication and marketing e.g. through distribution via various social media, on the website, or internally.
Apps like these can make sure that you not only get access to all of the photos that your friends / colleagues take of you but that they provide a time saving (cost saving) and easy way to share them. Keeping up with the very technical trends like these apps could also provide opportunities for reaching and engaging with specific target markets.
A respected UK Cyber Governance Health Check of FTSE companies has shown that boardrooms may be among the last to hear about cyber attack attempts on businesses and therefore may be slow to react.
As an IT Support Company in Hertfordshire it is our experience that businesses of all kinds are now giving much greater priority to cyber and data security not just for the sake of compliance, but because of the huge increase in cyber crime across all industries this year. It is therefore worrying news that the boardroom which should be leading and championing the fight against cyber crime could be too detached from this important business issue.
The Health Check
The UK government’s Cyber Governance Health Check is intended to help understand and improve how FTSE 350 companies are managing cyber security risks, and the latest Cyber Governance Health Check carried out by KPMG shows that even though two thirds of those FTSE companies have suffered a cyber attack in the last year, 54% of boardrooms only hear about cyber security twice a year or when there is a security incident.
Up until now in the UK there has been evidence to suggest that the boardroom has been a place that has given far too little time and effort to addressing cyber security issues. In 2013 for example nearly half of boardrooms thought the subject not worthy of discussions whereas that figure has thankfully fallen to 15% this year.
Too much of a heavy and inflexible focus on governance and compliance, as well as a view that cyber security was the job of the IT department are thought to be contributing factors to lack of awareness in the boardroom and vulnerability to fast evolving cyber security threats.
As an IT Support Company in Hertfordshire we are more aware than most of the many cyber threats that UK businesses now face, and we would strongly recommend that it is an issue that is given high priority in a business, especially when you consider how so many businesses have become digitalized to such a large extent.
Higher Priority But Still Underprepared
Recent research by Ipsos MORI in partnership with the Institute for Criminal Justice Studies at the University of Portsmouth has confirmed that the issue of cyber security has now been given much higher priority by businesses, but those businesses are still underprepared and are lacking the knowledge of how to improve their security.
The research showed for example that even though 69% of businesses say cyber security is either a very high (33%) or fairly high (37%) priority for their organisation’s senior management, many may not fully understand how their organisation is at risk and what action to take.
Just half (51%) of all businesses (the figure is higher among medium and large firms) have tried to identify the cyber security risks faced by their organisation e.g. using health checks, risk assessments or audits, but only 29% have formal written cyber security policies, and only 10% have a formal incident management plan.
The same research showed that the most common cyber security breaches over the last year (68%) have been caused by viruses / spyware / malware. Most businesses however would be likely to acknowledge that human error is a big factor in triggering virus / spyware / malware attacks.
What Does This Mean For Your Business?
Although the latest research shows that there is still a problem at boardroom level with the issue of cyber security, things have improved over the last 2 years.
It is important for UK businesses especially at board level to take steps to understand their risk profile, understand where and what their information / data assets are, and to take steps now to protect those assets and improve cyber resilience.
This could involve improving awareness among and giving training to all staff, making sure that at least all essential areas are covered e.g. using the government’s Cyber Essentials Scheme, conducting regular health checks, risk assessments or audits, making sure that formal written cyber security policies are in place and that Business Continuity and Disaster Recovery Plans are in place.
Seeking expert, external professional help and Cyber Security Consultancy Services could also be a good way to quickly get up to speed with identifying and managing the cyber security threats facing your business.
Different perceptions and a lack of awareness of the opportunities available may be the main reasons why young people miss out on IT careers in some industries according to a recent article in Computer Weekly. The article used the Financial Services industry as an example and incorporated the observations and experience of a leading London based investment management Careers Company in order to shed some light on the problem.
As an IT Support Company in Hertfordshire we are well aware of some of the reasons why a person embarks upon an IT career, but it is interesting to discover why so many young people may be missing out.
According to Investment 2020 who partner with firms to provide apprenticeships and careers information to young people, some of the challenges that some young people have experienced when pursuing an IT career route in Financial Services are based around often mistaken perceptions like:
There may also be a belief among young people that they don’t possess the necessary skills to get those kinds of jobs, and a lack of awareness of the opportunities that are available.
New Opportunities All The Time
As an IT Support Company in Hertfordshire we know that with the move to mobile technology, the Cloud, the potential of the IoT, and with new developments like Blockchain, there are always going to be many new and unforeseen opportunities in the constantly evolving world of IT.
The Right Attitude
Commentators in education, IT recruitment and investment companies however are among those hoping to counter mistaken perceptions and beliefs and to point out that employers are likely to place a great deal of value on young people with the right attitude, enthusiasm, good communication skills, the ability to solve problems creatively, and a range of other softer skills. This is almost the opposite to the purely technical skills based, introverted stereotype ‘techie’ of the past.
Fast Moving Technology
According to commentators such as Andrew Rydon, CTO of IT at Henderson Global Investors, not only do technology roles require more than technical skills, but the speed at which technology is driving change in the finance industry also means that it’s the ideal time for young people to join IT roles within the industry.
Supported Apprenticeships Really Are A Worthwhile Alternative
Many industry leaders and commentators are now in agreement that apprenticeships offer a very good alternative to university for young people seeking work opportunities because they can help make young people more prepared for the world of work, can help them to build up networks to support their work, and they can help young people to develop a mix of important work skills early on.
What Does This Mean For Your Business?
Technical skills are of course important and valuable but when recruiting young people for IT and technology roles, it is also important to consider the value of the other skills they possess, their attitude and their enthusiasm when considering their value to your organisation in the longer term.
Remaining open to the value of diversity, and offering structured learning and nurturing environments and programs such as apprenticeships are great ways for the Financial Services and your industry to make sure the best value-adding talent is attracted, nurtured, and given the opportunities to progress.
As an IT Support Company in Hertfordshire we know that there are some industries that are generally faster adopters and greater users of technology, IT and the Web for business. According to research by Nominet the UK’s domain registrar, and by the Department of Business, Innovation and Skills (BIS), many of the UK’s tradespeople could be missing out on getting business by not being online.
Laggards or Local Advertising & Recommendations?
In terms of getting their business online many of the UK’s tradespeople appear to have been slow to do so. Although on the surface this could be a sign that tradespeople are ‘laggards’ in the marketing sense, many tradespeople work well from local advertising (on and offline), recommendations, and through group / comparison sites like Checkatrade, Mybuilder.com and Rated People. Although these are technically ‘online’ they don’t require tradespeople to register domains and set up websites which is what Nominet appears to be wanting them to do.
The fact is though that having their own website, advertising their own services, testimonials, details and photos of jobs / projects could help individual tradespeople to compete more effectively in a world where customers now naturally turn to Google searches for most things.
Setting Up Cafés?
The research by Nominet and the Department of Business, Innovation and Skills (BIS) found that by getting online it could mean £16,500 extra per year from an average of 21 extra jobs for tradespeople. As an IT Support Company in Hertfordshire we know how a good, well planned and regularly updated web presence can bring vital enquiries and opportunities for businesses.
What is different about Nominet’s idea however is how it plans to reach tradespeople with its message. Nominet is reaching out to tradespeople who need to get their first website by setting up ‘Bacon and Web Cafés’ around the UK starting with Old Street in London, soon to be followed by more in Birmingham, Glasgow and Manchester later in the year.
What’s In It For Nominet?
In essence Nominet is launching a new .uk domain campaign and it therefore appears to make sense to seek plenty of sign-ups from a large UK business sector that looks as though it has lagged behind in its adoption of all things technical including websites.
Lack of Knowledge?
Nominet’s own research showed that nearly a quarter of respondents would like to set up a website but didn’t know how, and 10% of respondents feared the cost of doing so. It is therefore thought that this simple lack of knowledge is the main reason why 51% of painters and decorators for example have no website and 48% of cleaners have no web presence at all.
Nominet’s scheme to impart the necessary knowledge and promote its services via cafes is therefore thought to be an effective and headline-grabbing way to spread the digital word in a real world, non threatening setting.
What Could This Mean For Your Business?
For tradespeople who are helped by the scheme it could clearly mean the likelihood of getting more business in a way that is more flexible and less costly than traditional paper based advertising.
If you run a web company, Nominet’s research could have provided you with an opportunity to find your own inventive way to target a largely untapped market of tradespeople in your area e.g. advertising at popular indoor and outdoor food outlets.
How It Happened
It is normal for web hosts to store multiple websites on rented space on web servers and in that respect 123-reg is no different in renting out space on its virtual private servers (VPS). Cleaning up servers as part of maintenance is therefore important but in the case of 123-reg on this occasion it used software with automated scripts to ‘clean up’ the servers. Unfortunately a coding error in that software resulted in the deletion of multiple customer websites. The software was intended to detect server activity but the automatic deletions were triggered when the script wrongly showed several VPSs as running no servers.
67 Servers Across Europe
The customers who lost their websites in the incident had their websites hosted on 67 of the 115,000 servers that 123-reg has spread across Europe. 123-reg is part of Host Europe Group (HEG), which is reported to have described itself as Europe’s largest privately owned hosting company. 123-reg has 800,000 customers in the UK where it hosts 1.7m sites.
The fault actually occurred on the morning of Saturday 16th April and an email was sent to customers explaining what had happened the following day.
Reports indicate that the VPS service in this case was “unmanaged” and 123-reg did not have backups of all the customer websites affected unless those customers had also specifically purchased backup. Customers who hadn’t purchased the backup aspect had therefore been responsible for backing up their websites themselves.
123-reg is however now reported to be using a data recovery specialist to "manage the process of restoration" although this will be on a case-by-case basis and therefore is likely to take considerably longer to resolve than for those customers with backups who were able to be back online the next day.
As an IT Support Company in Hertfordshire we can imagine that the response from customers who had lost their websites would not have been one that any hosting company would like to be on the end of, and it wasn’t in this case! Reaction was predictably very angry and swift as customers took to social media like Twitter to voice their fury and frustration about how it could possibly happen, the levels of communication that they had received from the company about it, plus the impact that it would have on their businesses. Lost sales (goods, services and tickets), loss of potential new business and funding, as well as potential loss of the business itself were all concerns raised by customers.
What Does This Mean For Your Business?
This incident indicates how important it is for your business to make sure that you and / or the company that hosts your website has a secure backup of your website as well as other critical business data. Making this one of the key selection criteria for your host / hosting service could therefore save you from some serious problems in the future.
The incident also highlights how important the host selection process is in the first place, and to carefully choose a host whose services and capacity closely match the specific requirements and scale of your business both now and in the foreseeable future.
This particular incident also shows how fully automated processes can save time, but building in a simple human check at crucial points in a high potential risk system could save a lot of trouble and heartache.
Another important lesson to be learned here is that as part of IT governance in today’s business environment, and as part of your responsibility to your stakeholders it is necessary to have a disaster recovery process in place.
Disposable E-mail Could Be One Answer
Using a disposable email address when you don’t feel 100% comfortable giving out your business or personal email address can be a way to put you back in control, and to defend yourself against more spam.
What Are They?
Disposable email services, many of which are free, are operated via websites where you can generate new and individual email addresses and email aliases, and in some cases associated domain names. Depending on the disposable email service you choose, the email addresses and the mails received in the inbox (and domains) are deleted within a specified short time period. This breaks the link between you and the spammers while allowing you enough time to get the information you want.
The Benefits of Disposable Email
As an IT Support Company in Hertfordshire we are hearing from more and more businesses who use disposable email because of its unique benefits. The benefits of using disposable emails for you and your business include:
Popular Examples of Disposable Email Services
Googling disposable email services gives a wide range of options but here are some of the more popular examples of disposable email services:
GuerrillaMail - see https://www.guerrillamail.com/ Allows creating email addresses with nine domain names. No registration needed and email addresses last an hour.
Mailinator - see https://www.mailinator.com/ Free web-based addresses created as messages are received, with no registration required. Publicly visible email.
Air Mail - see http://getairmail.com/ Auto generated email address which gets changed every 10 seconds. You can read your inbox via your browser at a later time using a unique URL.
10 Minute Mail - see http://10minutemail.com/ Copy and paste email onto clipboard, expires in 10 minutes. Gives the option of extra 10 more minutes by clicking a link.
YOPmail - see http://www.yopmail.com/ No registration, no password. Messages are kept 8 days. Free, and fast.
MaskMe - see https://www.abine.com/maskme/ Very versatile. Mask your email, phone, and credit card as you browse and shop on the web.
As an IT Support Company in Hertfordshire we often help customers with the many different aspects of their IT security. One kind of threat that has shown quite significant growth this year is malware, and specifically ransomware scams. One of these scams that has claimed many UK victims recently is dubbed ‘Maktub’ and has led to the call centre of ‘Action Fraud’, the UK's national fraud and cybercrime reporting centre, receiving 500 calls. Here is a bit more information about what has been described as a kind of ‘smash and grab’ ransomware attack because of its speed and effectiveness.
How the Scam Works
The ‘Maktub’ scam that was first brought to the public’s attention by Radio 4’s ‘You and Yours’ programme uses a combination of tactics to extract money from its UK victims. The first step is a phishing style email informing the victim that they owe £800 to a named UK business or charity (some well known names, some not). What adds an air of apparent credibility to the email is the fact that the targeted organisation’s postal address is included in the email. The email body also contains a link.
If the link is clicked on this starts the second step of the process which is the loading of malware (ransomware) onto the victim’s computer. The ransomware immediately takes anything of value on the hard drive and encrypts it, and this triggers the next step.
The third step is the victim being issued with a ransom demand (a bitcoin payment) for the release of the information, and the demand increases the longer the ransom is not paid. A website associated with the scam reportedly displays the rates at 1.4 bitcoins ($580) for the first 3 days rising to 1.9 bitcoins ($790).
Where Did They Get The Addresses?
The scam has unfortunately proved to be quite successful so far, and many people have asked how the criminals were able to get the postal address and link it with the name and email address for the victims. The most likely explanation is that the perpetrators obtained the data from a leaked or stolen database. This would of course also be better for the perpetrators because it makes them even harder to track down. The scam has also caused distress to the charities whose names were wrongly and unlawfully used in the emails as the creditors.
What Does This Mean For Your Business?
Even if you’re an IT Support Company in Hertfordshire you’re still as much of a legitimate target as any other organisation anywhere else for cyber criminals. We would urge everyone to take the advice of Action Fraud which is that, if your business receives such an email, you should not click on the link under any circumstances but should delete the email from your system and inform Action Fraud. In order to protect your business from this and other similar scams you may wish to, as part of an enterprise wide governance approach, employ a number of IT security strategies.
Some recent news that has been of particular interest therefore is the announcement of Facebook’s plans at the F8 developer conference about Bots and how anyone can now make their own bot using Facebook’s application programming interface (API) known as ‘Messenger Platform’.
Creating Our Own Bots, Powered by the ‘Central Brain’
Giving people access to the know-how within Facebook’s API means that users can now create their own uniquely intelligent bots which will then be powered by Facebook's Bot Engine, likened to a kind of central brain for collective learning. The link-up with the Bot Engine means that collective learning can be passed on to the bots, thus making them more ‘intelligent’ and better at the tasks they were designed for. The predictions are therefore that Facebook’s plans could trigger a bot development gold rush, and in so doing help Facebook to gain an advantage over competitors Apple, Microsoft and Google. It could also be another possible source of future revenue for Facebook. For bot developers access to Facebook’s resources in this way could be a huge commercial opportunity.
As an IT Support Company in Hertfordshire we’re well aware that IT jargon and techie terms for things can sometimes be unhelpful, so here’s a quick explanation of what is meant by bots.
Bots are essentially computer software programs that can interact with people using Artificial Intelligence e.g. Chatbots that can answer questions and chat in a way online that resembles human conversation. The hope is that these kinds of bots can bring a kind of conversation back to business that has been lost in the drive for growth and scale. For example a bot could act as our very own digital personal assistant that is able to learn about our likes, dislikes and interests, answer our questions and help us to organise our lives.
The Benefits of Bots
Taking chatbots as an example the benefits for an organisation using them include:
What Can They Really Do?
There are many real-life examples of how bots are being used by organisations world wide right now. These include:
Other soon-to-be launched / soon-to-be developed bots include:
The days of using lots of different apps to get things done are now on the decline. Recent Forrester Research for example estimated that 80% of the typical US Smartphone user's time was spent in just 5 apps. Also there have been some major new developments in A.I. such as deep learning and neural networks. These have meant that chatbots can learn from data sets and mimic the way that the human brain works.
As with all new ideas there are plenty of examples of things not going to plan and plenty of potential flaws. Twitter users for example found great amusement in exploiting the learning aspect of bots by training Microsoft’s chatbot ‘Tay’ to give racist and inappropriate answers. Many people also have concerns about security whereby bots which learn so much about us are let loose on a platform such as Facebook (that already knows so much about us), and what the consequences of a hack under these circumstances could be.
What Does This Mean for Your Business?
Bots could therefore mean that you could reduce costs, and add value to your services by putting bots to work to interact with your customers to enhance customer service. This could mean help and savings on labour, training and staffing, and could provide a source of competitive advantage that could be quickly added to or changed if/when needed. You could use bots for all stakeholder groups and thus you could gain a kind of virtual growth that is greater than the physical sum of your organisation’s parts.
These and other useful features such as the many plugins have made Wordpress an incredibly popular platform. In fact Wordpress now makes up 25% of all websites and as an IT Support company in Hertfordshire we have a great deal of experience of helping our customers to make their Wordpress business websites as productive and secure as possible. One potential weakness in Wordpress websites has however been highlighted by a recent DDoS cyber attack where the cyber criminals exploited the pingback feature in multiple Wordpress websites in order to use them as part of a cyber attack on another website.
In the latest reported Wordpress-related attack, researchers at Sucuri noticed that cyber criminals over a number of incidents used a huge network of 26,000 Wordpress websites to launch multiple Layer 7 (also known as flood) Distributed Denial of Service (DDoS) attacks. A Distributed Denial of Service (DDoS) attack is one where the perpetrator uses multiple compromised systems that are often infected with a Trojan virus to launch a single attack on one system.
In this most recent cyber attack involving Wordpress the perpetrators used a series of IP addresses (in the 220.127.116.11/24 range) to control the botnet of Wordpress sites. The 26,000 Wordpress websites were then used by the attacker to generate 10,000 to 11,000 HTTPS requests per second against one website. When subjected to a flood of requests of this kind (known as a Layer 7 or flood attack) servers are unable to handle the load, a large consumption of memory is caused, and the operation of the server is therefore seriously disrupted.
Nothing New For Wordpress
This recent DDoS attack is the most popular kind that is used against Wordpress, and is estimated to make up around 13% of all the attacks involving the system. The huge popularity and widespread knowledge of Wordpress are reasons why criminals continue to target the platform. According to Imperva’s 2015 annual Web Application Attack Report (WAAR) Wordpress is now thought to be the most attacked CMS with around 3.5 times more attacks than non-CMS applications. Only last year for example thousands of Wordpress sites were attacked or hijacked using malicious ‘Neutrino Exploit Kit’ code.
Some Protection Was In Place
The frequency of this kind of attack against Wordpress has meant that the system had an IP logging feature added to its version 3.9 to enable the IP address where ‘pingback’ requests originated to be noted. This should mean that the attacker’s IP shows in the user agent string recorded in the logs. In this most recent case however the perpetrators were able to carry out an attack despite the logging feature being in place.
What Can You Do To Protect Your Website?
If you have a Wordpress website for your business one step that you can take to prevent it being used as part of a larger attack against other sites is to disable pingbacks. It is the pingback element of Wordpress that has repeatedly been responsible for so many of the attacks.
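The version 3.9 logging change described above gives the site on the receiving end of a pingback flood something concrete to search for in its own access logs. The following Python script is an added example, not code from the original article or from Sucuri; it assumes the "combined" access log format and the user agent layout `WordPress/<version>; <site URL>; verifying pingback from <IP>`, and the function names and sample log lines are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample lines (combined log format) as the flooded site would see
# them. All addresses and hostnames are documentation/example values.
SAMPLE_LOG = """\
198.51.100.10 - - [10/Feb/2016:09:15:01 +0000] "GET /?r=1 HTTP/1.1" 200 512 "-" "WordPress/4.4.2; http://blog-a.example; verifying pingback from 203.0.113.7"
198.51.100.11 - - [10/Feb/2016:09:15:01 +0000] "GET /?r=2 HTTP/1.1" 200 512 "-" "WordPress/4.3.1; http://shop-b.example; verifying pingback from 203.0.113.7"
198.51.100.12 - - [10/Feb/2016:09:15:01 +0000] "GET /?r=3 HTTP/1.1" 200 512 "-" "WordPress/3.8; http://old-c.example"
198.51.100.10 - - [10/Feb/2016:09:15:02 +0000] "GET /?r=4 HTTP/1.1" 200 512 "-" "WordPress/4.4.2; http://blog-a.example; verifying pingback from 203.0.113.9"
192.0.2.44 - - [10/Feb/2016:09:15:02 +0000] "GET /index.html HTTP/1.1" 200 2048 "-" "Mozilla/5.0 (X11; Linux x86_64)"
this line is malformed and must be skipped
"""

# One combined-format log line: client, timestamp, request, status, user agent.
LINE_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<request>[^"]*)" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)

# User agent sent by a WordPress site. The trailing "verifying pingback from"
# part (the originating IP) is only present from version 3.9 onwards.
UA_RE = re.compile(
    r'^WordPress/(?P<version>[\w.\-]+); (?P<site>https?://[^;\s]+)'
    r'(?:; verifying pingback from (?P<origin>[0-9a-fA-F:.]+))?$'
)


def parse_hits(lines):
    """Return one dict per request that was sent by a WordPress site."""
    hits = []
    for line in lines:
        entry = LINE_RE.match(line.strip())
        if not entry:
            continue  # not a combined-format line
        agent = UA_RE.match(entry.group("agent"))
        if not agent:
            continue  # ordinary browser or other client
        hits.append({
            "reflector_ip": entry.group("client"),  # the WordPress server
            "second": entry.group("ts"),            # timestamps have 1s resolution
            "site": agent.group("site"),
            "version": agent.group("version"),
            "origin": agent.group("origin"),        # None if not recorded
        })
    return hits


def summarize(hits):
    """Aggregate hits: who triggered them, how many sites relayed, peak rate."""
    per_second = Counter(h["second"] for h in hits)
    return {
        "total": len(hits),
        "reflecting_sites": len({h["site"] for h in hits}),
        "by_origin": dict(Counter(h["origin"] or "unknown" for h in hits)),
        "peak_per_second": max(per_second.values(), default=0),
    }


def origins_over(summary, threshold):
    """Originating IPs seen at least `threshold` times: candidates to report."""
    return sorted(
        ip for ip, count in summary["by_origin"].items()
        if ip != "unknown" and count >= threshold
    )


if __name__ == "__main__":
    report = summarize(parse_hits(SAMPLE_LOG.splitlines()))
    print(report)
    print("repeat origins:", origins_over(report, 2))
```

Requests counted under "unknown" come from sites that did not record an originating address, so they show which sites relayed traffic but not who triggered it.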
As an IT Support Company in Hertfordshire we are fortunate enough to work with many businesses in the local area who pride themselves on providing quality products and great service to their customers. Displaying testimonials and reviews online are great ways to let potential new customers know the kind of positive experience they are likely to have if they sign up, but what if those reviews are used against us either as a form of unfair competition, or simply to damage our online reputation?
We All Use Reviews
Figures show that we all use and put a high degree of trust in online reviews. This is certainly true in our world of IT Support where we are essentially providing a service that can only really be experienced while it is being used. A 2015 Bright Local survey for example showed the proportion of consumers who read online reviews for products and services to be as high as 92%, and showed that as much as 40% of consumers form an opinion by reading just 1 to 3 reviews. Online reviews therefore can have a powerful influence on our purchasing decisions, and over the fortunes of a business. As any business that has experienced the result of one or more prominent bad reviews on e.g. Trip Advisor will know the negative impact on trade can be significant.
Although last year’s UK Competition and Markets Authority (CMA) report about online reviews and endorsements put the estimate of UK consumers who use online reviews at only 54% it did highlight one of the major concerns for businesses that has led to a lack of trust in online opinions i.e. potentially misleading practices. These include fake reviews being posted onto review sites, negative reviews not being published, and businesses paying for endorsements in blogs and other online articles without this being made clear to consumers.
A recent piece by the BBC highlighted the mixed online reviews of a Manhattan restaurant to introduce the subject of how new technology could help to cut down on misleading practices in online reviews and endorsements. This could of course benefit businesses, customers, and those who are most likely to be influenced by reviews, those who haven’t tried your product or service before. Some of the new technology that could help to restore trust in online reviews includes:
‘Twizoo’ for Twitter. This mobile app from a start-up reportedly works by weeding out paid-for and out-of-date reviews. The advantage of this app is that it takes into account a reviewer’s full social media profile and their tweets over time, and allocates a quality score. This means that it is much more difficult for fake reviews to be posted from recently set up accounts, or for friends and family of the business to influence reviews. This quality based system also reduces the clout that tweets have after a period of 3 months. This reduces the ability of dishonest tweets to have a lasting effect on the business, plus it gives a more accurate picture of the service that potential users can expect at the current time.
Yelp - secret source code. This secret algorithm at Yelp reportedly weeds out overly enthusiastic 5 star reviews.
Amazon - multiple measures. As well as constantly reviewing its own readers’ star rated reviewing system, Amazon reportedly favours reviews by standard rather than discounted paying customers as a way of improving review quality. It is also reported to have brought lawsuits against over 1,000 defendants for reviews abuse.
The Walt Disney World Wristband. This wristband system gathers information about the wearer and what services they have actually used at Walt Disney World to match against the reviews.
More of a Level Playing Field in Future
The wider adoption of quality based systems like these could quite simply provide more of a level playing field for businesses and could help to protect you from some of the more obvious, frustrating and damaging reviews that you may have received as a result of potentially misleading practices. These systems may also make it more difficult for some businesses to unfairly influence reviews in their favour.
A ‘Distributed Denial of Service’ (DDoS) is just such an attack, and as such it has become a very popular way for criminals to inflict damage to businesses. As an IT Support Company in Hertfordshire we often receive questions and requests from our customers about which systems provide the highest levels of security and protection from the known cyber threats. Google is now offering a service called “Project Shield” that is reported to offer an extra degree of protection in the safety of its Cloud - BUT only for certain types of websites at the moment.
The Threat of DDoS Attacks
DDoS attacks such as the one that used a Pingback feature loophole to leverage 26,000 Wordpress websites, and those similar to the attacks launched on the Xbox Live and PlayStation Network gaming services, can be very disruptive and damaging. With DDoS the perpetrator uses multiple compromised systems that are often infected with a Trojan virus to launch a single attack on one system. The result is to overwhelm that system rendering it unavailable. It is estimated that a DDoS attack can cost the criminal around £30 to execute (presumably excluding labour costs) and it can be ordered anonymously. For the business that is the focus of the attack the results can be not only the temporary disruption, but also the fallout from that disruption which can include lost customers, bad press and damage to reputation. In monetary terms estimates put the average cost of this kind of attack to a business at around the £300,000 mark.
Help From Google’s “Project Shield”
For those who run news, human rights or elections sites which host “free expression” content some comfort and protection can now be gained from the fact that Google is now offering protection in the safety of its Cloud as part of what it is calling “Project Shield”. The free service is inviting applications through its website https://projectshield.withgoogle.com/public/ . According to Google’s Project Shield if the online application is approved the successful webmaster will be emailed the configuration instructions, and provided they have administrative privileges for the website, and they can modify DNS records, protection from DDoS attacks for their website can be set up in as little as 10 minutes.
How It Works
Google’s Project Shield uses a technology known as “reverse proxy” to route a website’s traffic through Google’s infrastructure (Google Cloud Platform), whereby “illegitimate traffic” can be stopped from reaching the server. Google suggests that the service is akin to “a train conductor only letting ticketed passengers aboard”. Although it is unlikely to noticeably affect a website’s performance, users from countries where Google’s IP addresses are blocked will not be able to access the content served through Project Shield.
The 12 month ‘David and Goliath’ battle between Pensioner Deric White from Pimlico in London and Apple over the incident resulted in a judge finding that Apple had been “negligent in the treatment of the claimant's telephone, causing the claimant’s loss of photographs of particular sentimental value, and the loss of all his contacts".
The counter argument by Apple’s spokesperson that Mr White hadn’t demonstrated that he’d lost anything was finally rejected because ‘difficulty’ in assessing damages didn’t mean that no compensation should be due to Mr White. The London County Court judge finally awarded Mr White £2,000 in damages (£1,200 in compensation, and £800 in costs).
The Value of Backing Things Up
As a Hertfordshire based IT Support Company one of the important services we offer is online backup of our customers’ valuable files and data. The loss of files for businesses (and individuals like Mr White) can be very costly and disruptive, and it is always worth making sure that you have a robust backup in place. A system that works even in low bandwidth locations and with the support of locally placed backup provides a very secure backup solution.
In Mr White’s case it is unfortunate that he agreed to sign up for iCloud just after his phone’s bungled repair, at which point he was unaware that the photos, videos and contact information had already been lost. Even though Mr White received monetary damages, this is unlikely to be a substitute for his precious digital memories which included photos and videos of his once-in-a-lifetime honeymoon trip to the Seychelles.
How It Happened
Mr White’s loss of photos, videos, and contacts occurred when he took his Apple iPhone 5 to the Apple Store in Regent Street back in December 2014 in the hope that they could stop the text messages that he’d been receiving twice a day during his honeymoon asking him to re-set his password. The files were deleted by a member of staff at the ‘Genius Bar’ in the store who tried to carry out a fix. Mr White, who had also just beaten cancer, said the loss of these precious digital memories had left his wife in tears and had left him livid. Mr White said that after being told that the problem with the phone had been “sorted”, he believed that the person knew what they had done and sent him on his way “like an imbecile”.
The kind of data that we’re talking about in this case is believed to be personal data like email addresses, phone numbers and dates of birth. One other worrying aspect of the theft is that the hacked database contained the last four digits of the credit / debit cards of around 100 customers who had purchased Wetherspoon vouchers online. Obviously this aspect of the theft could have been worse but the whole episode highlights some very important points for all businesses in terms of online and data protection.
Protecting Your Business From Cyber Criminals
As a company offering IT Support Services in Hertfordshire and beyond, one of the services for which demand has increased noticeably is IT Security, not just for bigger organisations but also for SME businesses. The reason for prioritising security is that there has been a well publicised increase in cyber crime against all kinds and sizes of businesses recently. The fuel for this trend has been fast technological change and IT developments combined with ever-more adept cyber criminals sharing and using more sophisticated and creative methods. Attacks like the one against JD Wetherspoon’s database are becoming all too common for businesses across South East England. With increased cyber crime and with the introduction of new data protection regulations next year it is worth making sure that your business is protected now.
How The JD Wetherspoon Database Hack Took Place
In the case of JD Wetherspoon, the criminals, thought to be from a Russia-based hacker group, targeted a database that was linked to an old version of their website that was still with the old host. This is one of the most likely reasons why the crime that occurred back in June has only recently been detected. The stolen customer details are from those signed up to receive the Wetherspoon’s newsletter, registered with The Cloud to use Wi-Fi in their pubs, submitted a contact us form on the website, and / or bought vouchers online prior to August 2014.
Not Detected by JD Wetherspoon
One of the worrying aspects of this hack was that it wasn’t actually detected at all by JD Wetherspoon, but only came to light thanks to a cyber intelligence group called CyberInt. They made the discovery while investigating another case where the breach reportedly came up in their Argos Cyber Threat Intelligence Platform via one of its sources (a cyber-crime forum on the Dark Web). CyberInt now believe that the stolen information is likely to be sold on a forum run by Russian hacker ‘w0rm’, and that JD Wetherspoon is probably one of many ‘Big Names’ targeted by the same hacker group.
The motivation for this and many similar crimes is likely to be use of the stolen data to commit more crime such as theft (of money & identity) and fraud. This type of crime can have a serious negative effect on the lives of those whose data has been stolen and sold. It is also worth remembering that a theft like this can damage the reputation and the brand value of the company that the data was stolen from. In the case of JD Wetherspoon the fact that there was such a long gap between the crime and its detection meant that customers affected had no time to take any precautionary steps to prevent the criminals from taking money from their bank accounts.
Since the crime’s detection the Information Commissioner’s Office (ICO) has been notified of the breach and a forensic investigation is now underway. JD Wetherspoon are reported to have said that there are no indications that the stolen data has been used for fraudulent activity to date.
Protecting Your Business From Cyber Criminals
Falling victim to this kind of security breach and not reporting it can mean large fines, greater reputational damage, and other legal consequences. Moves that you can make to protect your business include ensuring that security practices and systems are up to date and robust, and that they conform to best practice. The advice from the experts at CyberInt is that this can be best done by “collecting targeted cyber intelligence from thousands of sources including the dark web, the deep web, social networks and other sources, and by continuously assessing the organisation’s resilience to these attacks.”
Other research figures such as those by The Centre For Retail Research also appear to support this finding. Their figures show that in 2015 in the UK only 16.5% of online spending was done by smartphone, compared to 71.4% by PC and 12.1% by tablet. The same study showed even less purchasing online by smartphone in the rest of Europe - only 7%.
The most likely causes of this frustrating trend for businesses are the practicalities of handling a phone compared to a tablet or desktop. The current (and recent past) crop of mobile phones can be small and fiddly and can make it difficult to carry out many of the data input operations needed to make a purchase e.g. credit card and delivery address details.
Immediacy & A Good Response Rate
One advantage that mobile phones certainly have over the desktop or tablet is their immediacy, i.e. they are always with us. This tends to mean that any special offers sent to them are likely to have a good response rate.
Although the use of smartphones to actually make a purchase appears to be less than you would expect, it is on the increase. For example UK Black Friday weekend shopping in November via smartphone totalled £472 million.
Possible Solutions To The Problem
Several new systems and different formats have been developed to help increase purchases made by mobile phones. Some high profile ones include:
After the initial wave of blackmail emails, it now seems that some ex members of the website are now receiving blackmail letters. Those targeted so far have been ex members living in Canada because this is where most of Ashley Madison’s members are based. The recent ‘snail mail’ extortionists are banking on those exposed members paying up to prevent their partners, wives and loved ones finding out that they were members of a website that appeared to facilitate affairs.
How Did This Happen?
It is widely believed that hackers calling themselves ‘The Impact Team’ were able to hack into a main database, and from there make several high profile data dumps, and put them on the ‘dark web’ where they could be accessed by cyber criminals using encrypted browsers. As well as the uncomfortable situation that many ex members find themselves in, it also seems like there could be more grief to come for Ashley Madison itself in the future. The hackers are reported as saying that they have 300 GB of employee emails in their possession, and tens of thousands of Ashley Madison user pictures and user messages.
The vast majority of Ashley Madison members / ex members who had their details stolen are reported to be men (an estimated maximum of 14% were women). Within only 48 hours of the reports of the security breach going public dozens of Canadian citizens contacted legal firms in order to file lawsuits against Ashley Madison. An early public casualty of the exposure was U.S. reality TV star and ironically former executive director of the anti-abortion and pro-marriage group Family Research Council Josh Duggar. He then resigned from the post and publicly confessed his infidelity. There have also been 2 suicides in Canada linked to the leak.
What Is The Relevance of This Story?
As an IT Support Company in Hertfordshire, the relevance of us telling you about a dating site security hack that mostly affected Canadian members is that hackers can operate from anywhere in the world, can be very sophisticated and cunning in their methods, and would be willing to target the data of any business, including yours, if a) you make it easy for them to do so and b) it has a value. As we have put things like CRMs and larger and more sophisticated databases at the centre of our businesses we have all become more tempting targets for cyber criminals.
The Latest - The Blackmail Letters
Security expert blogger Graham Cluley has reported that some ex members of the website are now receiving blackmail demands through the post. These letters are reported to be asking for sums around the £3,000 mark in order for the receiver to avoid their membership of the website being made known to their loved ones. The advice from online security experts like Graham Cluley is for recipients of the blackmail letters to ignore the demands and to share the letter with the authorities.
The reality in 2016 is that whether you are an IT Support Company in Hertfordshire like us, an international business, or a local SME business in the South East, you are now at risk of an attack by cyber criminals. As we as a business community hear about more frequent and some very high profile cyber attacks, we are now prioritising our online and data security, and listening more to what the professionals have to say.
The New Norton Cyber Security Report
One of the main messages that the new Norton Cyber Security Report appears to deliver is that even though we may assume that the millennial generation are the most tech-savvy generation, they are also the generation who are less likely to heed warnings about cyber crime. This is surprising when you consider that they are also the generation who are likely to have been informed most about the reports of cyber crime, e.g. through their use of social media and because the Web has become one of the main sources of news and information, if not the main source, only during their lifetime.
What the Stats Say
We as global consumers have spent an average of 21 hours and $358 per person over the last year dealing with online crime, and although the fear of cyber crime exists in the home and workplace, action to reduce the risks is often lacking.
Why Are the Millennial Generation More at Risk?
1. According to the 2016 Norton Security Report they are less security conscious when it comes to choosing and using passwords. 32% of millennials in the UK share their passwords for online services compared to 13% of baby boomers. Only 33% of millennials said they always use a secure password (the 8 character letter and number mix) compared to 49% of baby boomers.
2. One in five millennials, for example, felt that their chances of being compromised by cybercrime were negligible. This indicates that they appear to perceive less risk and don’t seem to fear the consequences of security breaches.
These 2 factors together go some way towards explaining why 31% of millennials say they have fallen victim to cyber crime.
The Lessons For Business
Based on the findings of the 2016 Norton Cyber Security Report business owners should not assume that just because someone is young they are necessarily more web savvy, and therefore less of a security risk. To maintain an effective defence against cyber attack all staff members, regardless of age, should be briefed and made aware of how to work in a secure and compliant way online.
Other findings in the report, such as the fact that nearly half of the millennials surveyed rely on credit card companies to protect them after a hack, could also suggest that younger staff members may be less prone to taking responsibility for the results of security breaches as well as being less cautious in the first place. This could suggest that they are more likely to be the source of security breaches and therefore may need frequent reminders of the risks and of your organisation’s security procedures and policies.
No matter what the industry, communication and efficiency are key. In recent years advances in email and mobile phone technology have helped pave the way to staying connected. But the Cloud is taking over!
Office 365 is a cloud-based service, taking the industry’s most recognised software and making it accessible from wherever you are in the world. With high tech security controls and back up systems in place, using Office 365 enables you to have remote access to emails, documents, contacts and calendars at the touch of a button. This eliminates paper work and saves time, ultimately improving efficiency and productivity in the workplace.
Employees will find transition to Office 365 smooth and efficient as it also runs the standard Microsoft software such as Word, PowerPoint, Excel and Publisher.
Using a standard Internet connection, this cloud offering allows both office-based and remote workers to access live information at any given time, supported with features such as instant messaging to drive productivity and help stay connected.
Skype for Business plays a big part in cloud software, being a key tool in bringing international companies closer together. Skype for Business offers the opportunity to host video conference calls to any worldwide location. This significantly reduces travel time, expenditure and other associated costs.
With any cloud-based software you also gain the advantage of being up-to-date at all times, with upgrades and downloads to install as they become available. This method of upgrading eliminates any associated costs that would normally be spent on engineers and IT specialists.
This saving can also be seen with hosted cloud services. Data centres have been set up around the UK and worldwide, home to all the required computer hardware and servers. Operated and run by IT specialists, the data centres are manned 24 hours a day, 7 days a week, to ensure servers are fully operational at all times. You essentially get all the benefits of an in-house server without the upfront and running costs, making this an ideal option for new start-up businesses as well as SMEs looking to expand.
Ultimately, cloud-based solutions have transformed work processes so much that they are set to stay. They offer a company the opportunity to work in a modern, efficient and well-connected environment. However, with all your data located off-site you need to work with a company that you can trust. GCIS are IT specialists and offer a comprehensive range of technology solutions, from structured cabling, access control and telecom solutions, as well as a range of cloud solutions.
GCIS understand that no two businesses are the same and have a wide and varied portfolio working with small start-up businesses through to large corporate enterprises, offering bespoke products to suit any requirement. For more information on their range of services you can call 01438 347090 or email email@example.com.
Whilst our old website served us well, we decided that it was time to launch a new and improved version that reflects the company offering in 2015. Additionally we have created the website to be 'Mobile Friendly' ahead of the forthcoming Google update.
We hope you enjoy using the website and find that it provides the information you need quickly, with a minimum of hassle.
If you have any feedback, please get in touch.